Windows

10/17/2017

New tests by NSS Labs have found that Edge is the better browser for stopping phishing attacks and blocking malware downloads, ahead of both Chrome and Firefox. NSS Labs ran continuous tests for 23 days, from August 23rd to September 15th, throwing socially engineered malware (SEM) samples at the browsers. Edge version 38 blocked 96% of the samples, whereas Chrome blocked 88% and Firefox only stopped 70%. The researchers describe SEM attacks as "a dynamic combination of social media, hijacked email accounts, false notification of computer problems, and other deceptions to encourage users to download malware."

Edge did even better when it came to phishing, blocking 92% of malicious URLs, compared to Chrome's 75% and Firefox's 61%, and it also led when dealing with zero-hour SEM. Even with these very limited test results, I'll stick with Chrome.

10/12/2017

Trend Micro reported that Microsoft's Patch Tuesday for October addressed 62 vulnerabilities, 27 of which are designated as critical and 35 designated as important. The fixes are for Microsoft Windows, Office, Skype for Business, IE, Exchange Server, Edge and .NET framework. Probably one of the most significant parts of this month's Patch Tuesday is the end of support for Office 2007 and Outlook 2007.

Hopefully, readers already know to install updates as soon as possible. A memory corruption vulnerability in Microsoft Office is actively being exploited in the wild. Hit that update button now if you haven't already.

09/19/2017

CCleaner is a popular consumer utility for cleaning up a Windows system. Unfortunately, CCleaner was compromised by hackers to distribute a malware-laden version capable of capturing your data and possibly taking screenshots too. The attacker added malware to the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. If you are infected with the bad version, a registry key will have been added. According to Bleeping Computer, under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Piriform\Agomo, there will be two data values named MUID and TCID, which are used by the installed Floxif infection. Upgrading to the latest version of CCleaner will not remove the key.

You have to manually update CCleaner to version 5.34 in order to remove the malware. Avast said it already pushed an update to CCleaner Cloud users, and they should be fine. The clean version is CCleaner Cloud 1.07.3214.
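A quick way to check a machine for the indicator described above, as an added example that is not part of the original post: it looks for the Agomo key with its MUID and TCID values and for a CCleaner binary older than the clean 5.34 release. The registry key and version numbers are the ones quoted in the post; the CCleaner.exe path under Program Files is an assumed install location.

```powershell
# Added example, not from the original post: checks a Windows host for the Floxif
# indicator the post describes and for a CCleaner build older than the clean 5.34.
# Assumptions: registry key and version numbers as quoted above; CCleaner.exe under
# Program Files is an assumed install location, not something the post states.

function Test-CCleanerCompromise {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Indicator: HKLM\SOFTWARE\Piriform\Agomo with MUID and TCID values. The key
    #    survives an upgrade, so its presence points to a past infection even after updating.
    $agomo = 'HKLM:\SOFTWARE\Piriform\Agomo'
    if (Test-Path $agomo) {
        $props = Get-ItemProperty -Path $agomo
        foreach ($name in 'MUID', 'TCID') {
            if ($props.PSObject.Properties.Name -contains $name) {
                $findings.Add("Floxif indicator: $agomo\$name = $($props.$name)")
            }
        }
        if ($findings.Count -eq 0) { $findings.Add("$agomo exists without MUID/TCID; review manually") }
    }

    # 2. Version: the trojanized build was 5.33.6162 (32-bit CCleaner.exe); 5.34 is clean.
    $candidates = @("$env:ProgramFiles\CCleaner\CCleaner.exe",
                    "${env:ProgramFiles(x86)}\CCleaner\CCleaner.exe")
    foreach ($exe in $candidates | Where-Object { Test-Path $_ }) {
        # ProductVersion may be "5.33.0.6162" or "5, 33, 0, 6162"; normalise to dotted form.
        $raw = (Get-Item $exe).VersionInfo.ProductVersion -replace '\s*,\s*', '.'
        $ver = [version]$raw
        if ($ver -lt [version]'5.34') {
            $findings.Add("$exe is version $ver (< 5.34); update CCleaner manually")
        }
    }

    if ($findings.Count -eq 0) { return 'No Floxif indicator and no pre-5.34 CCleaner binary found' }
    return $findings
}

Test-CCleanerCompromise
```

Run it elevated so the HKLM key and Program Files are readable; the output is a list of findings rather than a verdict, because the key remaining after an upgrade still warrants a closer look at the host.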

This would be a good time to remind readers that CCleaner is licensed for personal use only. You are violating the license agreement if you use CCleaner on your work computer.

09/13/2017

According to a report by Threatpost, security researchers at IoT security firm Armis have discovered several bugs that allow hackers to access your device simply because Bluetooth is on. Armis is calling the collection of eight zero-day vulnerabilities BlueBorne. "If exploited, the vulnerabilities could enable an attacker to take over devices, spread malware, or establish a 'man-in-the-middle' to gain access to critical data and networks without user interaction," according to the company. "The attack does not require the targeted device to be paired to the attacker's device, or even to be set on discoverable mode… since the Bluetooth process has high privileges on all operating systems, exploiting it provides virtually full control over the device." The BlueBorne vulnerabilities include:

Apple devices running iOS 10 are safe from BlueBorne, but older versions are vulnerable. Microsoft deployed a patch in July to deal with BlueBorne. Google has provided a patch for Android, but it is up to the carriers to distribute the update. If you are using an Android device that can't run Marshmallow, Nougat or Oreo, or an Apple device that can't run iOS 10, you will never see a patch. Now would be a good time to upgrade your hardware.

08/24/2017

If you are a Mac user, chances are there is some Windows application that you have to run. The solution for many is to run virtualization software such as Parallels or VMware. Both have announced new versions for the Mac OS. Parallels Desktop 13 for Mac is available now. VMware Fusion 10 for Mac and Workstation 14 for Windows and Linux will be available in October. Both products are adding support for the new MacBook Pro's Touch Bar.

According to Ars Technica, "For people who need to run Windows or Linux on more than one Mac, the VMware pricing is better. A Parallels Desktop 13 license for one Mac costs $79.99 as a one-time purchase. That gets you the entry-level edition; Parallels' professional edition with extra features is licensed as a subscription costing $99.99 a year for each Mac. Customers upgrading from version 11 or 12 can get a perpetual license for a one-time charge of $49.99 or the subscription for $49.99 a year."

I am a big fan of VMware and would suggest you look at its products first.

08/16/2017

A lot of people use RDP (Remote Desktop Protocol) to remotely access their computers. Security researchers from Rapid7 conducted an Internet-wide scan and discovered over 11 million devices with port 3389/TCP left open online. Of the 11 million, over 4.1 million specifically supported the RDP protocol. In early 2016, 9 million devices had port 3389 open, and in late 2016 the number increased to 9.4 million. RDP isn't a bad thing, but it should be implemented securely.

A Webroot report from March 2017 pins RDP as the favorite method for delivering ransomware. The good news is that over 83% of the RDP endpoints were ready to initiate connections and authenticate using CredSSP, a security protocol. Over 15% didn't support SSL/TLS or only supported the standard RDP security, which is susceptible to man-in-the-middle (MITM) attacks. According to Bleeping Computer, "Most RDP endpoints are compromised because admins forget to enable authentication, use easy-to-guess credentials, or don't use a firewall to control access to the RDP machine. Just by the fact that Rapid7 discovered these 4.1 million devices with open RDP ports means they were not sitting behind a firewall. In the case of a new RDP exploit or zero-day, these devices would automatically become cannon fodder for the next major malware outbreak."

The problem is how RDP gets implemented. If you use RDP for remote management into your network, make sure you configure the connection for secure authentication and consider using a two-factor authentication method like Duo Security.
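The following audit script is an added example, not code from the blog or from Rapid7. It checks the RDP listener settings the post calls out: authentication before a session exists (NLA/CredSSP), TLS rather than the legacy RDP security layer that the report flags as MITM-prone, and whether the Windows Firewall rule is scoped to a trusted range instead of the whole Internet. It assumes the standard Terminal Server registry keys and the NetSecurity cmdlets (Windows 8/Server 2012 and later).

```powershell
# Added example, not from the blog or Rapid7: a quick audit of the RDP listener
# settings the post calls out (secure authentication, TLS instead of legacy RDP
# security, firewall scoping). Uses the standard Terminal Server registry keys and the
# NetSecurity cmdlets (Windows 8/Server 2012 and later); run elevated on the RDP host.

function Test-RdpHardening {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"
    $g = Get-ItemProperty -Path $ts  -ErrorAction SilentlyContinue
    $l = Get-ItemProperty -Path $tcp -ErrorAction SilentlyContinue

    # fDenyTSConnections: 1 = RDP disabled entirely (nothing below is exposed), 0 = listening.
    [pscustomobject]@{ Setting = 'RDP disabled (fDenyTSConnections)'; Value = $g.fDenyTSConnections
        Pass = ($g.fDenyTSConnections -eq 1); Remediation = 'Keep RDP off unless it is required' }

    # UserAuthentication 1 = Network Level Authentication: the client authenticates via
    # CredSSP before any session or logon screen is created.
    [pscustomobject]@{ Setting = 'NLA required (UserAuthentication)'; Value = $l.UserAuthentication
        Pass = ($l.UserAuthentication -eq 1)
        Remediation = "Set UserAuthentication=1 under $tcp (GPO: Require user authentication for remote connections by using Network Level Authentication)" }

    # SecurityLayer 0 = legacy RDP security (MITM-prone), 1 = negotiate, 2 = TLS only.
    [pscustomobject]@{ Setting = 'TLS security layer (SecurityLayer)'; Value = $l.SecurityLayer
        Pass = ($l.SecurityLayer -eq 2)
        Remediation = "Set SecurityLayer=2 under $tcp (GPO: Require use of specific security layer for remote (RDP) connections = SSL)" }

    # MinEncryptionLevel 3 = High (128-bit), 4 = FIPS-compliant.
    [pscustomobject]@{ Setting = 'Encryption level (MinEncryptionLevel)'; Value = $l.MinEncryptionLevel
        Pass = ($l.MinEncryptionLevel -ge 3); Remediation = "Set MinEncryptionLevel=3 under $tcp" }

    # Enabled "Remote Desktop" firewall rules with a remote scope of Any accept 3389 from anywhere;
    # those hosts are the ones the Internet-wide scan finds.
    $wideOpen = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Enabled True -ErrorAction SilentlyContinue |
        Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -contains 'Any' }
    [pscustomobject]@{ Setting = 'Firewall rule scope'
        Value = $(if ($wideOpen) { 'Any' } else { 'restricted' })
        Pass = (-not $wideOpen)
        Remediation = 'Set-NetFirewallRule -DisplayGroup "Remote Desktop" -RemoteAddress <management or VPN subnet>' }
}

Test-RdpHardening | Format-Table -AutoSize -Wrap
```

A two-factor layer such as the Duo product the post mentions sits on top of these settings; it does not replace NLA or the firewall scope, which are what keep an unauthenticated scanner from ever reaching a logon prompt.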

08/10/2017

If you are running a Windows environment, hopefully you have heard of group policies. If not, learn about them. Basically, Group Policy Objects (GPO) are settings that are enforced on computers (and users too) to control security settings and other operational behaviors. Without getting really into the weeds, GPOs are applied within the Active Directory environment and can "trickle" down from the domain, site, computer, user, etc. There are a "ton" of available settings. As an example, Windows Server 2012 R2 has more than 3,700 settings for the operating system alone. With so many options, which ones should you concentrate on? CSO has a post that lists the ten policies that you should really care about.

1. Rename the Local Administrator Account
2. Disable the Guest Account
3. Disable LM and NTLM v1
4. Disable LM hash storage
5. Minimum password length
6. Maximum password age
7. Event logs
8. Disable anonymous SID enumeration
9. Don't let the anonymous account reside in the Everyone group
10. Enable User Account Control

Read the post to get details for each of the GPOs identified. I would disagree with portions of numbers 5 and 6, especially given NIST's anticipated password guidance. I would suggest a minimum of 15 or more characters for ALL users, not just users with elevated accounts. Also, in line with the anticipated NIST guidelines, don't expire passwords unless you know they have been compromised in a breach. There are some other cool things you can do with a GPO as well. Defining a specific screen saver timeout, automatically installing printers and installing software applications are just a few of the additional items to consider.
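To see where a given machine stands on the ten items above, here is an added audit script (not from the CSO post or this blog) that reads the registry values and local account settings the corresponding GPOs write. It assumes an elevated session, English-language `net accounts` output, and PowerShell 5.1 or later for Get-LocalUser; items 5 and 6 are scored against the 15-character, no-expiry recommendation in the paragraph above rather than the CSO figures, and domain-level password policy is not queried.

```powershell
# Added example, not from the CSO post or the blog: a local audit of the ten settings
# listed above, using the registry values the corresponding GPOs write. Assumptions:
# run elevated on the machine being checked, English 'net accounts' output, and
# PowerShell 5.1+ for Get-LocalUser. Domain-level password policy is not queried.

function Get-CoreGpoAudit {
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $sys = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $users = Get-LocalUser
    $admin = $users | Where-Object { $_.SID.Value -like '*-500' }   # RID 500: built-in Administrator
    $guest = $users | Where-Object { $_.SID.Value -like '*-501' }   # RID 501: built-in Guest
    $acct  = (net accounts) -join "`n"                               # effective local password policy
    $minLen = [int][regex]::Match($acct, 'Minimum password length\s+(\d+)').Groups[1].Value
    $maxAge = [regex]::Match($acct, 'Maximum password age \(days\):\s+(\S+)').Groups[1].Value
    $secLog = Get-WinEvent -ListLog Security

    $check = { param($n, $v, $ok) [pscustomobject]@{ Policy = $n; Value = $v; Pass = [bool]$ok } }
    & $check '1 Local Administrator renamed' $admin.Name ($admin.Name -ne 'Administrator')
    & $check '2 Guest account disabled' $guest.Enabled (-not $guest.Enabled)
    # LmCompatibilityLevel: 3+ sends NTLMv2 only; 5 also refuses LM and NTLMv1 from clients (use on DCs).
    & $check '3 LM/NTLMv1 disabled (LmCompatibilityLevel >= 3, 5 on DCs)' $lsa.LmCompatibilityLevel ($lsa.LmCompatibilityLevel -ge 3)
    & $check '4 LM hash storage disabled (NoLMHash)' $lsa.NoLMHash ($lsa.NoLMHash -eq 1)
    # Items 5 and 6 follow the post's recommendation: 15+ characters for everyone, no scheduled expiry.
    & $check '5 Minimum password length >= 15' $minLen ($minLen -ge 15)
    & $check '6 Maximum password age unlimited' $maxAge ($maxAge -eq 'Unlimited')
    & $check '7 Security event log enabled (size MB / mode)' ('{0} / {1}' -f [int]($secLog.MaximumSizeInBytes / 1MB), $secLog.LogMode) $secLog.IsEnabled
    # RestrictAnonymous=1 blocks anonymous enumeration of SAM accounts and shares; RestrictAnonymousSAM=1 blocks SAM accounts.
    & $check '8 Anonymous SID/SAM enumeration restricted' "$($lsa.RestrictAnonymous)/$($lsa.RestrictAnonymousSAM)" ($lsa.RestrictAnonymous -eq 1 -and $lsa.RestrictAnonymousSAM -eq 1)
    & $check '9 Everyone group excludes Anonymous' $lsa.EveryoneIncludesAnonymous ($lsa.EveryoneIncludesAnonymous -ne 1)
    & $check '10 UAC enabled (EnableLUA)' $sys.EnableLUA ($sys.EnableLUA -eq 1)
}

Get-CoreGpoAudit | Format-Table -AutoSize -Wrap
```

On a domain-joined machine the values reflect whatever GPO last applied, so a failing row is a good place to start when deciding which of the 3,700-odd settings to put in a baseline policy.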

08/01/2017

Generally, Microsoft supports products for a ten-year cycle. There have been a few exceptions, but when will your product go out of support? ZDNet originally published a post in 2013 that addressed end-of-life dates and has now updated it to cover current products. Office 2007 support ends October 10, 2017. Windows 10 support extends until October 2025. There are a bunch of Windows 10 releases, which means that support dates are all over the map. Office 2013 extended support ends April 11, 2023.

Take a look at the post to see when your particular product goes out of support.

07/13/2017

On July 11, 2017, Microsoft ended support of Windows Phone 8.1. Not that there are a lot of Windows Phone 8.1 users out there, but it highlights another issue with using unsupported technology, especially in the business environment. I've never been a big fan of BYOD (Bring Your Own Disaster) and even less so these days. When you allow employees to connect their personal devices to the company network, there is a risk of data compromise because they haven't installed the latest updates, are running unsupported software or already have an infected device.

A lot of SMB (small and medium business) companies don't have the technology to monitor and control the BYOD movement. If you use an Exchange server, you can use some of the policies within ActiveSync to enforce such things as passwords, encryption and remote wipe criteria.

Unless you have something in place that tells you when an employee connects a non-supported OS mobile device to your network, you're at risk. What if someone doesn't want to upgrade their iPhone to a hardware platform that supports the latest version of iOS? Android users are just as guilty and don't want to pay money to get hardware that will run the current supported versions of the Android OS.

If you aren't spending money on an MDM (mobile device management) product that identifies outdated and unsupported operating systems, you may want to consider implementing some alternate methods. As an example, the 2FA (two-factor authentication) system from Duo will identify devices that are running unsupported operating systems. Bottom line: know what is being connected to your network.

07/10/2017

You're probably pretty ticked off by now if you purchased a new Microsoft Surface Pro and it keeps shutting down unexpectedly. Apparently, you are not alone. Computerworld reported that the Surface Pro 2017 (the one that doesn't have a model number) shuts down without warning. The current recommendation is to return the device for a newer model. Microsoft Answers Forum moderator, MVP, and long-standing Surface guru Barb Bowman said:

"Based on the fact that it has historically taken Microsoft months and months to identify issues and come out with a fix and since these devices are still eligible for return for full refund, you may want to consider returning for a full refund and repurchasing. If you do that, you get another 30 days of being able to return and repurchase, etc. The reason I say this is that 6 months down the road, Microsoft will exchange for a refurb if they determine it is a hardware issue and the quality of the refurbs has not been consistent."

Sensei Enterprises, Inc.

